2. PROBLEM IDENTIFICATION
1 Customized Objects
2 STD Objects
3 Dummy/Testing Objects
Objects = Procedures + Function + Packages
3. EXISTING POSITION OF DATABASE OBJECTS
DIRMAT OPS_PROD INDIRECT
MKT PPC FIN
HR ATTEN TRAIN
4. PRAPOSED POSITION OF DATABASE OBJECTS
DIRMAT OPS_PROD INDIRECT
MKT PPC FIN
HR ATTEN TRAIN
5. Example
• If we have 50 STD Objects and If we have
20 schema
• 1000 Objects are Present in Database
INDIRECTLY
Same 50 Objects Present in Same DATABASE 20 TIMES
6. WHAT IS THE SOLUTION ?
Schema Schema
A B
DIRMAT INDIRECT
MAKE Schema A LIKE Schema B
USE Invoker-Rights
7. What is Invoker-Rights?
• Invoker rights is a new model for resolving
references to database elements in a
PL/SQL program unit. From Oracle 8i
onwards, we can decide if a program unit
should run with the authority of the definer
or of the invoker. This means that multiple
schemas, accessing only those elements
belonging to the invoker, can share the
same piece of code.
8. Existing Method of Objects utilization
DIRMAT INDIRECT
Declare Pkg_trans Declare Pkg_trans
... ...
Begin Begin
Select… Select…
End; End;
Table
OPS_PROD Table
Declare Pkg_trans
...
Begin
Select…
End;
PPC MKT
Table
Declare Pkg_trans Declare Pkg_trans
... ...
Begin Begin
Select… Select…
End; End;
Table Table
9. Objects utilization with Invoker-Rights
DIRECT INDIRECT
Pkg_trans Pkg_trans
OPS_PROD
Pkg_trans
Table Table
Declare
...
Begin
Select…
End;
PPC MKT
Table
Pkg_trans Pkg_trans
Table Table
10. Exec sp_control
User X User Y
Sp_control Sp_control
DIRMAT_CTL MKT_CTL
DIRMAT MKT
11. Exec mkt.sp_control
User X User Y
Sp_control Sp_control
DIRMAT_CTL MKT_CTL
DIRMAT MKT
12. Exec sp_control
User X User Y
Sp_control
DIRMAT_CTL MKT_CTL
DIRMAT MKT
13. When you create a PL/SQL program unit,
you can include an optional AUTHID
clause.
There are two forms of this clause:
• AUTHID DEFINER
• AUTHID CURRENT_USER
AUTHID DEFINER is the default
14. WITH definer rights WITH invoker rights
create or replace procedure P create or replace procedure P
as AUTHID CURRENT_USER
Begin as
--------- Begin
------- ---------
end; -------
end;
15. Exec sp_control
User X User Y User Z
Sp_control
DIRMAT_CTL
PROD_CTL MKT_CTL
DIRMAT OPS_PROD MKT
16. Existing Problem
• If Changes done deploy to All Schema time consuming work
• Chances of Missing to some schema results in Issues
• More Objects More Maintenance
• Accumulation of Un-necessary Objects end up in JUNK Objects
• More Time for Backup and Recovery
17. Benefits
• No Need of Deployment to Other schema in case of Changes
• Changes only in one place, lot of time saved
• Less Maintenance due to less Objects
• Security as Only Authorized person have access
• Fast Backup and Recovery due to Less Objects
18. Limitations
• Not advised for big processing procedures as performance impact
• Implementation always with core schema
19. Steps
Conn OPS_PROD/OPS_PROD
create or replace procedure P AUTHID CURRENT_USER as
Begin
---------
-------
end;
grant execute on p to dirmat
conn dirmat/dirmat
exec ops_prod.p;
grant execute on p to public
create public synonym sp_control for ops_prod.p;
conn dirmat/dirmat
exec sp_control;